Platform SDK: Active Directory, ADSI, and Directory Services
Since the number of objects accessible from a directory service may be very large, you need some way to specify particular objects without naming collisions. ADsPaths enable you to do just that, both for a single provider and across multiple providers.
An ADsPath is a case-sensitive string guaranteed to uniquely identify an ADSI object on any given directory service. Because ADSI objects exist within the context of the namespace of the underlying directory service, part of the syntax of an ADsPath name is provider-specific.
ADSI ships with four different providers, as shown in the following table.
Provider | Purpose |
---|---|
WinNT: | For communicating with Windows NT® 4.0 PDCs (Primary Domain Controllers) and BDCs (Backup Domain Controllers). |
LDAP: | For communicating with LDAP servers, including Exchange 5.x directory and Windows® 2000 Active Directory™. |
NDS: | A provider for Novell Directory Services servers. |
NWCOMPAT: | For accessing Novell NetWare servers. |
You can use these provider names to access the default provider's namespace. For example, if you bind to LDAP, ADSI binds to a container which contains the domain object which is currently logged on. If you bind to WinNT, ADSI binds to a container that holds objects that correlate to all domains in the network.
The initial elements of the ADsPath string are the programmatic identifier (progID) of the ADSI provider, followed by "://", followed by whatever syntax is dictated by the provider namespace.
The following are examples of ADsPaths:
```
LDAP://ldapsvr/CN=TopHat,DC=DEV,DC=MSFT,DC=COM
LDAP://MyDomain.microsoft.com/CN=TopHat,DC=DEV,DC=MSFT,DC=COM
LDAP://cn=MyName,o=msft,c=us
WinNT://MyDomain/ComputerName,Computer
WinNT://MyDomain/UserAccount
NDS://MarsTree/O=MARS/OU=MARTIANS/CN=MyFavorite
NWCOMPAT://NWServer/MyNw3xPrinter
```
Note: The ":" (colon) is part of the standard COM name. The provider name is case sensitive: WinNT is different from WINNT.
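To find all providers installed on your computer, you can bind to "ADs:" and enumerate it:
```vb
' Bind to the ADSI root namespace; each child is an installed provider.
Set x = GetObject("ADs:")
For Each provider In x
    Debug.Print provider.Name
Next
```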
Using the LDAP namespace, you can specify the ADsPath either in an X.500 distinguished name (DN) form, starting with the CN tag, or you can specify its hierarchical inverse, starting with the O tag. The form you use in the initial ADsPath determines the order of the tags.
Characters that have special meaning when referring to an ADsPath are listed in the following table.
Special character names | Character | Comment |
---|---|---|
Double quote | " | Used to quote any part of the ADsPath that may contain a special character so that the string is interpreted literally. For example, "CN=Name/Prefix" |
Backward slash | \ | Escape character, used to precede special characters to signify they should be used as literals, including the '\' character and ',' (commas). For example, |
Forward slash | / | Component separator. |
Right and left angle bracket | <> | Delimits an ADsPath within another naming convention. |
To delimit an ADsPath in a search specification or as part of a URL, use angle brackets. For example, "<WinNT://MyDomain/UserAccount>".
Some ADSI providers may have additional restrictions on the syntax because of their namespace requirements.
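The following Python is an added example, not code from the Platform SDK: it applies the rules above (exact-case provider name, "://", and the special characters in the table) to validate an ADsPath and to backslash-escape an untrusted name before it is placed in one. The function names, the allowlist of the four shipped providers, and the sample name are assumptions made for illustration; the escape set covers only the characters this page lists, and a provider may require more.

```python
# Added example: provider allowlist and escape set come from this page's tables.
SHIPPED_PROVIDERS = ("WinNT", "LDAP", "NDS", "NWCOMPAT")  # case sensitive
SPECIAL = set('"\\/<>,')  # table characters plus the comma named with '\'


def split_adspath(path):
    """Return (provider, remainder); raise ValueError on a malformed path."""
    provider, sep, rest = path.partition("://")
    if not sep:
        raise ValueError("missing '://' after the provider progID")
    if provider not in SHIPPED_PROVIDERS:  # exact case: WINNT is not WinNT
        raise ValueError("unknown or mis-cased provider: %r" % provider)
    return provider, rest


def escape_value(value):
    """Backslash-escape each special character so the value stays literal."""
    return "".join("\\" + ch if ch in SPECIAL else ch for ch in value)


def components(rest):
    """Split on '/' separators, skipping escaped or double-quoted ones."""
    parts, cur, quoted, i = [], [], False, 0
    while i < len(rest):
        ch = rest[i]
        if ch == "\\" and i + 1 < len(rest):
            cur.append(rest[i:i + 2])  # keep the escape pair together
            i += 2
            continue
        if ch == '"':
            quoted = not quoted
        if ch == "/" and not quoted:
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    parts.append("".join(cur))
    return parts


def ldap_path(server, cn, suffix):
    """Build an LDAP ADsPath; cn is untrusted, server and suffix are trusted."""
    return "LDAP://%s/CN=%s,%s" % (server, escape_value(cn), suffix)


if __name__ == "__main__":
    name = "Smith, John/Contractor"  # constructed sample input
    safe = ldap_path("ldapsvr", name, "DC=DEV,DC=MSFT,DC=COM")
    print(safe, components(split_adspath(safe)[1]))
```

Without the escaping step, the same constructed name splits into three components instead of two, so the "/" in the name is read as a separator rather than as part of the CN value.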
In addition to supporting ADsPaths, ADSI also supports COM globally unique identifiers (GUIDs), which provide a well-known way to establish a unique tag that distinguishes an object from all other objects ever created. However, binding to an ADSI container object by its GUID only allows you to perform a limited number of operations on the container object. These include the examination of its attributes and the enumeration of its immediate children. For example:
```vb
Dim con As IADsContainer
Dim obj As IADs

' Bind to the container by GUID (xxxx stands for the GUID string).
Set con = GetObject("LDAP://svr01/<GUID=xxxx>")
con.Filter = Array("user")   ' enumerate only user objects
For Each obj In con
    Debug.Print obj.Name & " of " & obj.Class
Next
```
All the other operations, that is, GetObject, Create, Delete, CopyHere, and MoveHere, are not supported in the container's GUID representation. This is because binding using GUID (or SID) is intended for low overhead and, thus, fast binds, which are often used for object introspection. Further discussion of the GUID representation of an object can be found under the description of the get_GUID property method for IADs.